To secure admin web console:
1. set access allowed list to limit certain IP that can access under WebConsole->Admin->Security tab;
2. change the listener port to a different one from default value 7080;
3. do not use simple password;
4. use https for admin console.